Julien_Snow Posted February 23, 2016
Hello, I don't know whether this has already been reported, but when you submit a form in the admin, for example the translations one, the login + password are transmitted in clear text if you have saved your password via Mozilla (for example)! That's a bit borderline as far as security goes. It comes from the lightbox, which is "hidden" but still picks up the information.
coeos.pro Posted February 23, 2016
In Firefox, you go to menu > options > security > you click on "Saved passwords..." then on the "Show passwords" button and you get a list of websites, logins, and passwords. Is that what you're talking about?
Eolia Posted February 23, 2016
No, he's talking about the logins and passwords when you're connected to Addons from the BO. This topic was already reported 2 years ago...
coeos.pro Posted February 23, 2016
I understood afterwards, but I don't see where it is.
Julien_Snow Posted February 23, 2016
I posted a screenshot of the network log, from the Mozilla console, of the data sent via POST. It's reassuring if it was reported 2 years ago.
Eolia Posted February 23, 2016
Well, apparently it's not important. Look at everything you send to Addons:

```php
public static function addonsRequest($request, $params = array())
{
    if (!self::$is_addons_up) {
        return false;
    }

    // Fields sent with every request, whatever its type
    $post_data = http_build_query(array(
        'version' => isset($params['version']) ? $params['version'] : _PS_VERSION_,
        'iso_lang' => Tools::strtolower(isset($params['iso_lang']) ? $params['iso_lang'] : Context::getContext()->language->iso_code),
        'iso_code' => Tools::strtolower(isset($params['iso_country']) ? $params['iso_country'] : Country::getIsoById(Configuration::get('PS_COUNTRY_DEFAULT'))),
        'shop_url' => isset($params['shop_url']) ? $params['shop_url'] : Tools::getShopDomain(),
        'mail' => isset($params['email']) ? $params['email'] : Configuration::get('PS_SHOP_EMAIL')
    ));

    // https is always tried first; some request types also allow an http fallback
    $protocols = array('https');
    $end_point = 'api.addons.prestashop.com';

    switch ($request) {
        case 'native':
            $protocols[] = 'http';
            $post_data .= '&method=listing&action=native';
            break;
        case 'native_all':
            $protocols[] = 'http';
            $post_data .= '&method=listing&action=native&iso_code=all';
            break;
        case 'must-have':
            $protocols[] = 'http';
            $post_data .= '&method=listing&action=must-have';
            break;
        case 'must-have-themes':
            $protocols[] = 'http';
            $post_data .= '&method=listing&action=must-have-themes';
            break;
        case 'customer':
            $post_data .= '&method=listing&action=customer&username='.urlencode(trim(Context::getContext()->cookie->username_addons))
                .'&password='.urlencode(trim(Context::getContext()->cookie->password_addons));
            break;
        case 'customer_themes':
            $post_data .= '&method=listing&action=customer-themes&username='.urlencode(trim(Context::getContext()->cookie->username_addons))
                .'&password='.urlencode(trim(Context::getContext()->cookie->password_addons));
            break;
        case 'check_customer':
            $post_data .= '&method=check_customer&username='.urlencode($params['username_addons']).'&password='.urlencode($params['password_addons']);
            break;
        case 'check_module':
            $post_data .= '&method=check&module_name='.urlencode($params['module_name']).'&module_key='.urlencode($params['module_key']);
            break;
        case 'module':
            $post_data .= '&method=module&id_module='.urlencode($params['id_module']);
            if (isset($params['username_addons']) && isset($params['password_addons'])) {
                $post_data .= '&username='.urlencode($params['username_addons']).'&password='.urlencode($params['password_addons']);
            } else {
                $protocols[] = 'http';
            }
            break;
        case 'hosted_module':
            $post_data .= '&method=module&id_module='.urlencode((int)$params['id_module']).'&username='.urlencode($params['hosted_email'])
                .'&password='.urlencode($params['password_addons'])
                .'&shop_url='.urlencode(isset($params['shop_url']) ? $params['shop_url'] : Tools::getShopDomain())
                .'&mail='.urlencode(isset($params['email']) ? $params['email'] : Configuration::get('PS_SHOP_EMAIL'));
            $protocols[] = 'https';
            break;
        case 'install-modules':
            $protocols[] = 'http';
            $post_data .= '&method=listing&action=install-modules';
            $post_data .= defined('_PS_HOST_MODE_') ? '-od' : '';
            break;
        default:
            return false;
    }

    $context = stream_context_create(array(
        'http' => array(
            'method' => 'POST',
            'content' => $post_data,
            'header' => 'Content-type: application/x-www-form-urlencoded',
            'timeout' => 5,
        )
    ));

    // Try each allowed protocol in order and return the first non-empty response
    foreach ($protocols as $protocol) {
        if ($content = Tools::file_get_contents($protocol.'://'.$end_point, false, $context)) {
            return $content;
        }
    }

    self::$is_addons_up = false;
    return false;
}
```

Edited February 23, 2016 by Eolia
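
The manual check described in this thread (reading the POST data in the browser's network console) can be automated. The following is an added example, not part of any post and not PrestaShop code: it audits captured form bodies for Addons credential parameters that should not be there. The parameter names are those in the quoted `addonsRequest()` code; that the hidden lightbox inputs use the same names, and the `shop.example` URLs, are assumptions.

```javascript
// Added example. The two parameter names come from the addonsRequest() code
// quoted in the thread; using them as the hidden form's input names is an assumption.
const CREDENTIAL_PARAMS = new Set(['username_addons', 'password_addons']);

// Report a secret by length only, so the audit output is safe to paste in a ticket.
const redact = (value) => `<redacted:${value.length} chars>`;

// Audit one captured request. `expectsCredentials` is true only for the
// Addons login form itself; every other back-office form should carry none.
function auditPost({ url, body, expectsCredentials = false }) {
  const scheme = new URL(url).protocol.replace(':', '');
  const findings = [];
  for (const [name, value] of new URLSearchParams(body)) {
    if (!CREDENTIAL_PARAMS.has(name.toLowerCase()) || value === '') continue;
    const reasons = [];
    if (!expectsCredentials) reasons.push('unexpected-in-this-form');
    if (scheme !== 'https') reasons.push(`sent-over-${scheme}`);
    if (reasons.length > 0) findings.push({ name, value: redact(value), reasons });
  }
  return findings;
}

// Constructed samples, not real traffic (shop.example is a placeholder host).
const SAMPLES = [
  { label: 'translations form with autofilled hidden login fields',
    url: 'http://shop.example/admin/index.php?controller=AdminTranslations',
    body: 'trans%5Bkey1%5D=Bonjour&username_addons=me%40shop.example' +
          '&password_addons=not-a-real-password&submitTranslations=1' },
  { label: 'translations form without the hidden fields',
    url: 'https://shop.example/admin/index.php?controller=AdminTranslations',
    body: 'trans%5Bkey1%5D=Bonjour&submitTranslations=1' },
  { label: 'Addons login form over https',
    url: 'https://shop.example/admin/index.php?controller=AdminModules',
    body: 'username_addons=me%40shop.example&password_addons=not-a-real-password',
    expectsCredentials: true },
  { label: 'hidden fields present but left empty by the browser',
    url: 'https://shop.example/admin/index.php?controller=AdminTranslations',
    body: 'trans%5Bkey1%5D=Bonjour&username_addons=&password_addons=' },
];

function auditAll(samples) {
  return samples.map((s) => ({ label: s.label, findings: auditPost(s) }));
}

for (const { label, findings } of auditAll(SAMPLES)) {
  console.log(findings.length ? 'LEAK ' : 'ok   ', label, JSON.stringify(findings));
}
```

Only the first sample is flagged: both credential parameters ride along with a form that has nothing to do with the Addons login, and over plain http.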